Whoami.EXE Execution From Privileged Process (79ce34ca-af29-4d0e-b832-fc1b377020db)
Detects the execution of "whoami.exe" by privileged accounts that are often abused by threat actors.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Whoami.EXE Execution From Privileged Process (79ce34ca-af29-4d0e-b832-fc1b377020db) | Sigma-Rules | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 1 |